How do I convert my PEM format certificate to PKCS12 as required by the Java and .NET SDKs?

To convert your PEM certificate to a PKCS12 certificate, use a third-party tool. PayPal recommends OpenSSL, which you can download at www.openssl.org. The following instructions assume that you retain the default certificate filename of "cert_key_pem.txt."

Before you begin, note the following:

Windows users - If you get an error saying "openssl is not recognized as an internal or external command, operable program or batch file," this means that openssl is not in your PATH. To resolve this, either add the directory that contains the OpenSSL binary to your system PATH or save your PEM certificate file in the directory where the OpenSSL binary is. Depending on where you've installed OpenSSL, you should find the OpenSSL binary (openssl.exe) in the OpenSSL installation bin folder.

UNIX users - These instructions and screenshots are Windows-centric. Most UNIX hosts have OpenSSL already installed. If you're on a UNIX host, the command to convert the PEM to a .p12 file is the same as for Windows. Check to see if you have OpenSSL by typing openssl at the command line and pressing Enter. If you get anything other than an error indicating that OpenSSL can't be found, your machine likely has OpenSSL already installed and you can try running the command in Step 2.

PHP SDK users - This article applies only to the .NET and Java SDKs. PHP SDK users don't need to convert their PEM certificate to the .p12 format.

Open a command prompt and navigate to the directory that contains the cert_key_pem.txt file.